Re: Domainkeys and ISPs

To: debian-isp@lists.debian.org
Subject: Re: Domainkeys and ISPs
From: Lionel Elie Mamane <lionel@mamane.lu>
Date: Fri, 14 Mar 2008 07:58:58 +0100
Message-id: <20080314065858.GA25311@capsaicin.mamane.lu>
Mail-followup-to: Lionel Elie Mamane <lionel@mamane.lu>, debian-isp@lists.debian.org
In-reply-to: <47D9B2A2.2030606@goirand.fr>
References: <47D73995.30203@saneinc.net> <47D7ABB4.2060305@goirand.fr> <20080312132232.GB11516@saneinc.net> <47D7FFC9.4080101@goirand.fr> <008a01c8845e$38fd0f40$9e00a8c0@D9300> <7ff145960803121144j7b4e7c52u5eb22ff5ff9467b5@mail.gmail.com> <20080313112048.GB20883@fantomas.sk> <47D94BB5.1030204@goirand.fr> <20080313214300.GA17330@capsaicin.mamane.lu> <47D9B2A2.2030606@goirand.fr>

On Fri, Mar 14, 2008 at 07:02:58AM +0800, Thomas Goirand wrote:
> Lionel Elie Mamane wrote:
>> On Thu, Mar 13, 2008 at 11:43:49PM +0800, Thomas Goirand wrote:

>>> I just had a test with dkimproxy. A very simple test with the
>>> mailx package (eg: Mail from the command line).

>>> So as you see, dkimproxy needs a list of domains for which it
>>> signs email. If you are receiving a mail from another server, and
>>> then forwards it, of course, it's not in the list, and then it's
>>> not signed.

>> That doesn't sound obvious to me. Let's assume you have two users,
>> A and B, with email addresses A@example.org and B@example.org . B
>> get his email forwarded to b@vanity.domain, and A runs his own
>> direct-to-MX delivery server (or relay server) (or contracts one
>> from a third party; the point is not yours).

>> That's a situation where your assumption of "If you are receiving a
>> mail from another server, and then forwards it, of course, it's not
>> in the list" does not hold: If A sends a mail to B@example.org with
>> return path of A@example.org; should that mail get signed? Probably
>> not. Because if you sign that mail, you'll also sign joe-job spam
>> mail, and that's something you wouldn't want, I presume.

> In that case, I believe that our normal postfix rules would detect it,
> and reject the email, no?

I'm not sure if "that case" refers to A's legit mail or to the joe-job
spam.

If it refers to A's legit mail:

 Why would you want to reject the email? It is one of your users using
 his email address in your domain to send mail to another of your
 users. Totally legit, bona fide, all that.

If it refers to the joe-job spam:

 How do you differentiate between A's legit mail and the joe-job?

> Anyway, I don't think it's based  on the return-path: field...

I was refering to the return path in the SMTP envelope, obviously. If
the "the list of domains for which it signs mail" is not a list of
domains for the return path / sender in the SMTP envelope, then it is
a list of domains for *what*?

-- 
Lionel

Reply to:

Follow-Ups:
- Re: Domainkeys and ISPs
  - From: Thomas Goirand <thomas@goirand.fr>

References:
- Domainkeys and ISPs
  - From: Michael Sprague <mfs@saneinc.net>
- Re: Domainkeys and ISPs
  - From: Thomas Goirand <thomas@goirand.fr>
- Re: Domainkeys and ISPs
  - From: Michael Sprague <mfs@saneinc.net>
- Re: Domainkeys and ISPs
  - From: Thomas Goirand <thomas@goirand.fr>
- Re: Domainkeys and ISPs
  - From: "Andrew McGlashan" <andrew.mcglashan@affinityvision.com.au>
- Re: Domainkeys and ISPs
  - From: "Jim Popovitch" <yahoo@jimpop.com>
- Re: Domainkeys and ISPs
  - From: Matus UHLAR - fantomas <uhlar@fantomas.sk>
- Re: Domainkeys and ISPs
  - From: Thomas Goirand <thomas@goirand.fr>
- Re: Domainkeys and ISPs
  - From: Lionel Elie Mamane <lionel@mamane.lu>
- Re: Domainkeys and ISPs
  - From: Thomas Goirand <thomas@goirand.fr>

Prev by Date: Re: Domainkeys and ISPs
Next by Date: Re: Domainkeys and ISPs
Previous by thread: Re: Domainkeys and ISPs
Next by thread: Re: Domainkeys and ISPs
Index(es):
- Date
- Thread